Major Security Vulnerability on PrestaShop Websites - CVE-2022-31101

Last update: Aug 9, 2022

Fix Major Security Vulnerability on PrestaShop Websites 🚀

CVE-2022-31101 detector and fixer!

A newly found exploit could allow remote attackers to take control of your shop.

Read more about the vulnerability here: https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites/.

Fix the backdoor

The module applies a security fix that hardens the MySQL Smarty cache storage against code injection attacks.

Run this module on your shop to close the security issue.

Remove the malware

Many who have been hacked through this vulnerability have found that their payment gateway has been replaced with a fake one. If you are a victim of this attack, the module can probably recover your shop.

Run this module on your shop to recover from the attack.

How does the module work?

The module scans your shop's files against a pattern designed to find the vulnerable and infected files known from this security issue.

The module will solve the problems automatically or tell you how to solve them manually.
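As an added illustration of the file scan described above (example code written here, not the blmvuln module's own), the snippet walks a shop tree and reports code files that match an indicator pattern; the indicator patterns, file names and sample contents are constructed placeholders, since the page does not list the module's real pattern.

```python
"""Pattern-based scan of a shop tree for tampered files. Added example, not
code from the blmvuln module; patterns and sample files are constructed."""
import os
import re
import tempfile

# Constructed indicator patterns (hypothetical; the module's real pattern is not on the page).
INDICATORS = {
    "obfuscated_eval": re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\("),
    "remote_include": re.compile(rb"(include|require)(_once)?\s*\(?\s*['\"]https?://"),
}
# Only code/template files are inspected; other files (configs, YAML) are skipped.
SCAN_EXTENSIONS = {".php", ".phtml", ".tpl"}

def scan_file(path):
    """Return the names of the indicators that match the file's raw bytes."""
    with open(path, "rb") as fh:
        data = fh.read()
    return [name for name, rx in INDICATORS.items() if rx.search(data)]

def scan_tree(root):
    """Walk root and return {relative path: [indicator names]} for flagged files only."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXTENSIONS:
                continue
            full = os.path.join(dirpath, name)
            hits = scan_file(full)
            if hits:
                findings[os.path.relpath(full, root)] = hits
    return findings

def demo():
    """Build a constructed mini shop tree (clean module file, tampered file, non-code file) and scan it."""
    samples = {
        "modules/paymentexample/paymentexample.php": b"<?php\nclass PaymentExample extends PaymentModule {}\n",
        "modules/paymentexample/validation.php": b"<?php\neval(base64_decode('...'));\n",
        "docker-compose.yml": b"services:\n  db:\n    image: mysql\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

In a real scan the flagged list is the starting point for restoring each file from a known-good release or removing it, which is the manual step the module otherwise performs for you.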

Install the module

  1. Download the latest version of the module: https://github.com/MathiasReker/blmvuln/releases/latest

  2. Log in to your shop's back office

  3. Go to "Module Manager"

  4. Click on "Upload a Module"

  5. Upload and install the module

Usage

  1. Open the module and click "Run the cleaning process".

  2. After running the cleaning process, you can uninstall the module.

Compatibility

  • PrestaShop 1.6.1+
  • thirty bees 1.0.0+
  • PHP 7.0+

Roadmap

See the open issues for a complete list of proposed features (and known issues).

Contributing

If you have a suggestion to improve this, please fork the repo and create a pull request. You can also open an issue with the tag "enhancement". Finally, don't forget to give the project a star! Thanks again!

License

It is distributed under the MIT License. See LICENSE for more information.

GitHub

https://github.com/MathiasReker/blmvuln
Comments
  • 1. Controller has not been found...

    Thanks for the module. I have installed it in 1.6.1.17 and after opening the module I got an error message.

    Controller has not been found...

    Error log is clean.

    Reviewed by KapriQ at 2022-07-27 08:10
  • 2. BLM Vulnerability

    Hi,

    I have just used your BLM module. All has gone well, but there is one file it says may be infected, and when running clean it does not fix it.

    The file is ............. The following files looks infected. They will be restored or removed by running the cleaning process: docker-compose.yml

    Is this something I can fix or need to be worried about?

    Many thanks in advance.

    cypr00

    Reviewed by cypr00 at 2022-07-26 17:48
  • 3. No "Run the cleaning process" button

    Hello @MathiasReker

    Thank you for this module.

    And after installation, I can't find the "Run the cleaning process" button, so I can't run it.

    Reviewed by Inovyou06 at 2022-07-27 14:53
  • 4. Menu icon still present after uninstalling the module

    Problem: After uninstalling the module on PrestaShop 1.6, it is still present in the menu.

    Workaround: Go to Administration -> Menus -> remove blmvuln from the list

    Reviewed by MathiasReker at 2022-07-27 09:54